Blocking Multicast on Layer 2 switch

Cisco 2960, layer 2.
Trying to block inbound multicast from a single switchport.  My CUCM to be exact.
IGMP will not do what I need as I have phones trying to listen to Multicast MOH from the server, and I'm trying to block it.  Phones and server are on the same subnet.  I do not want the MC packets to hit the phones as they need to listen to something else on the same IP.
ACL on the port didn't work, neither did switch block multi as I think it doesn't block packets with a correct source mac.
Storm-control multi level 0 didn't work, neither does storm-control broad level 0.
Any other options?  Or is one of these options actually working and I just don't know it (my multicast isn't set up right, let's say)?  I see my multicast counters on the port go up when I turn on multicast from the server so I know it's being sent.

Hi ,
You can block layer 2 multicast traffic with the following commands:
Step 3 
switchport block multicast
Block unknown multicast forwarding out of the port.
Note Only pure Layer 2 multicast traffic is blocked. Multicast packets that contain IPv4 or IPv6 information in the header are not blocked.
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_55_se/configuration/guide/scg_2960/swtrafc.html
HTH
Sandy
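
The note quoted in the reply above is why `switchport block multicast` does not stop an IP multicast stream such as MOH. The following Python model of that note is an added example, not part of the original thread or of Cisco's documentation; the 239.1.1.1 group, the MAC addresses and the frames are constructed, and treating "contains IPv4 or IPv6 information" as an EtherType test is an assumption.

```python
import ipaddress
import struct

ETH_IPV4, ETH_IPV6, ETH_VLAN = 0x0800, 0x86DD, 0x8100  # IEEE EtherType values


def mac(text: str) -> bytes:
    """Convert aa:bb:cc:dd:ee:ff notation to six raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def group_to_mac(group: str) -> str:
    """RFC 1112 mapping: 01:00:5e followed by the low 23 bits of the group."""
    ip = ipaddress.IPv4Address(group)
    if not ip.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast group")
    raw = b"\x01\x00\x5e" + (int(ip) & 0x7FFFFF).to_bytes(3, "big")
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst, src, ethertype, vlan=None, payload=b"\x00" * 46) -> bytes:
    """Build a constructed Ethernet II frame, optionally 802.1Q tagged."""
    header = mac(dst) + mac(src)
    if vlan is not None:
        header += struct.pack("!HH", ETH_VLAN, vlan & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload


def classify(frame: bytes) -> str:
    """Classify a frame by destination MAC and (inner) EtherType."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst = frame[:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == ETH_VLAN:  # step over a single 802.1Q tag
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (ethertype,) = struct.unpack("!H", frame[16:18])
    if dst == b"\xff" * 6:
        return "broadcast"
    if not dst[0] & 0x01:  # I/G bit clear means an individual address
        return "unicast"
    if ethertype in (ETH_IPV4, ETH_IPV6):
        return "ip-multicast"
    return "l2-multicast"


def dropped_by_block_multicast(frame: bytes, dst_known: bool = False) -> bool:
    """Model of the note: only unknown, pure Layer 2 multicast is dropped on egress."""
    return classify(frame) == "l2-multicast" and not dst_known


# Constructed sample frames (addresses and group are made up for illustration).
SRC = "00:11:22:33:44:55"
MOH = build_frame(group_to_mac("239.1.1.1"), SRC, ETH_IPV4)
V6 = build_frame("33:33:00:00:00:01", SRC, ETH_IPV6, vlan=10)
PURE_L2 = build_frame("03:00:00:00:00:01", SRC, 0x88B5)  # local experimental EtherType

if __name__ == "__main__":
    for name, frm in (("MOH", MOH), ("V6", V6), ("PURE_L2", PURE_L2)):
        print(name, classify(frm), dropped_by_block_multicast(frm))
```

In this model the MOH-style frame is classified as IP multicast and passes, while only the frame with a group destination MAC and a non-IP EtherType is dropped.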

Similar Messages

  • Multicast blocking in layer 2 switch

    Hello there,
    I need your help, this is the problem that I have.
    We have a 3750X with 7 ports assigned to a different multicast IP address (connected to the encoders), these are the ports with the multicast ip address and the rate that the encoder is sending:
    Pto 2 - 230.1.1.1:5001 - 3.5 Mbps
    Pto 3 - 230.1.1.2:5002 - 3.5 Mbps
    Pto 13 - 230.1.1.22:5022 - 15 Mbps
    Pto 13 - 230.1.1.23:5023 - 15 Mbps
    Pto 13 - 230.1.1.24:5004 - 15 Mbps
    Pto 13 - 230.1.1.25:5025 - 15 Mbps
    Pto 13 - 230.1.1.26:5026 - 5.0 Mbps
    The last port (48) is connected to a different device and this box is receiving the multicast IP addresses. My problem is that every single port on the switch is receiving all the multicast traffic, so the switch is having high CPU. I have the outputs from the console monitor (application that sees the odd behavior).
    As far as I know this is expected since this is a layer 2 device, but I'm not sure. Please help so I can configure what I need to stop the high CPU and the traffic being sent over the rest of the ports (including those ports).
    Kind regards

    Hi ,
    You can block layer 2 multicast traffic with the following commands:
    Step 3 
    switchport block multicast
    Block unknown multicast forwarding out of the port.
    Note Only pure Layer 2 multicast traffic is blocked. Multicast packets that contain IPv4 or IPv6 information in the header are not blocked.
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_55_se/configuration/guide/scg_2960/swtrafc.html
    HTH
    Sandy

  • Block external webaddress from layer 2 switch

    Dear all,
    I am trying to permit a website address 130.x.x.x from layer 2 switch, all other traffic should be denied.
    I am trying this by:
    access-list 15 permit host 130.x.x.x
    access-list 15 deny any
    and then applying it to interface fa0/5 in
    this results in blocking all the traffic and don't permit the required address.
    Layer 2 switch doesn't support ACL to be applied on OUT interface.
    Please advise.

    Another way to accomplish this, is to place the necessary commands into a file placed on the device's local flash.  Then you just copy the file from flash to the running config.
    Like Peter's posting, I too would recommend a timed reload.  (I also normally use a five minute time.)
    This technique, or Peter's, can also be used to even change the attributes of the interface being used for remote connectivity.

  • Blocking multicast on Cat 2950SI

    Hello,
    I'm currently blocking multicast on an edge port of an access switch using "switchport block multicast". The only user of multicast addressing is HSRP, and edge PCs don't need to receive HSRP packets.
    This command is supported on Cat 2950 EI and on the Cat 29xx XL platform, but not on 2950 SI. Questions:
    - do you know, if it will be supported on 2950 SI as well
    - can you recommend me some other solution (command or feature) to achieve the same or similar effect on 2950 SI ?
    Thanks. Honza Klicka

    Honza,
    This feature will not be supported on 2950 SI as this feature is available only on EI. Your SI image has only limited features, that's the limitation.
    We would have recommended you using the ACLs; but that is also not supported on SI.
    HTH,
    -amit singh

  • Multicast and Flexconnect Local Switching

    Hi All,
    Hope you can help with this -
    I have the following:
    A 5508 in a remote datacentre and several sites with AP's running in flexconnect mode, connected to cisco switches.
    I have an ssid on which I want to run some push to talk "phones" which I believe use multicast.
    What do I need to do to enable multicast for this, I have read many documents but I'm a little confused !
    I need to enable multicast on the controller globally ?
    Enable igmp snooping ?
    Does multicast mode need to be multicast or unicast ?
    Do I need a multicast address in this case ?
    Do i need to configure the switches (2960) for any multicast configuration, there is none at present ?
    The phones that do PTT will only need to talk to other phones locally at each site, but each site will have some phones, does this make any difference to anything ?
    hope someone can help, thanks !

    The guidelines for Flexconnect and Multicast are as follows:
    1. Set the AP Multicast mode on the controller to Unicast (Multicast-Unicast Mode): The wireless controller replicates the multicast packet and sends it to each Access Point in a Unicast CAPWAP Tunnel
    2. L3 routing isn't required on the wired network
    3. There will be high controller and wired network loading
    4. No multicast address is required in multicast-unicast mode
    5. No multicast configuration required on Layer 2 switches as CGMP is enabled  by default

  • Cisco Asa 5505 and Layer 3 Switch With Remote VPN Access

    I got today a new CISCO LAYER 3 Switch, so here is my scenario
    Cisco Asa 5505
    I
    Outside  == 155.155.155.x
    Inside  =      192.168.7.1
    VPN POOL Address =   10.10.10.1   -   10.10.10.20
    Layer 3 Switch Config
    Vlan 2
    interface ip address =  192.168.1.1
    Vlan 2
    interface ip address =  192.168.2.1
    Vlan 2
    interface ip address =  192.168.3.1
    Vlan 2
    interface ip address =  192.168.4.1
    Vlan 2
    interface ip address =  192.168.5.1
    ip Routing
    So I want my Remote Access VPN clients to access all these networks. So please can you give me a helpful trick or link to configure the rest of my routing
    Thank You all

    When My Remote VPN is Connected , it reaches 192.168.7.2 of the Layer 3 VLan that's Connected to The ASA 5505 ,
    But i can't reach the rest of the VLAN - example
    192.168.1.1
    192.168.1.2
    192.168.1.3
    192.168.1.4
    192.168.1.5
    But i can reach the Connected Interface Vlan to My ASA ..
    So here I think I am missing configuration for my route
    Any Help Please this is urgent

  • Multi-layer/layer3 switch VS. Router

    Multi-Layer Switch or Layer3 switch vs. router; How they are different?

    In a router the route calculation and packet processing take place in the software on layer 3. This means that packets need to be moved from the layer 2 hardware interface to layer three and so it takes some time. In a layer 3 switch, routing calculations take place at layer 3 in hardware or software, while the actual packet processing takes place at layer 2. The speed gain is accomplished by reducing the amount of features supported and moving as much logic as possible into hardware.

  • %C4K_HWPORTMAN-4-BLOCKEDTXQUEUE: Blocked transmit queue HwTxQId0 on Switch

    Hi,
    On many 4506-E switch with cat4500e-entservicesk9-mz.122-53.SG1.bin, I have frequently this error :
    Feb 17 10:30:40.879 GMT+1: %C4K_HWPORTMAN-4-BLOCKEDTXQUEUE: Blocked transmit queue HwTxQId7 on Switch Phyport Gi2/48, count=102879
    And it's always between the 4506-E and the Cisco 2901/K1 router, the port is blocked (Pause frames).
    I did this below (except reset the line card) but the only thing to unblock the port is to reboot cisco2901/K9.
    When the problem occurs the console port on the cisco2901/k9 is unreachable and I turned off the port on the 4506 and I disconnected the physical link, the port Ge0/0 on the Cisco2901 still has green LEDs as if it still was connected!
    I also tried this command "flowcontrol receive off" on the 4506's port with the Cisco2902/K9, but nothing changed (Peer is Sending Pause Frames => flow control problem).
    So i have no idea where is the problem ? Would you have an idea ?
    Thank you for your help.
    Regards.
    David

    Core issue
    The %C4K_HWPORTMAN-4-BLOCKEDTXQUEUE:Blocked transmit queue HwTxQId[dec]on[char], count=[dec] error message is generated on a Cisco Catalyst 4500 series switch when connected to a device. This error is a rate-limited message that indicates a transmit queue blockage on a port.
    In this case, the traffic on the affected port is limited and blocked for reasons other than being paused. This blockage can occur if the supervisor is not able to send packets to the line card because a busybit message is received. In this situation, blocked transmit queue messages are seen. A bad hardware or speed and duplex mismatch can cause this problem.
    Resolution
    Perform these procedures as a workaround for this issue:
    Issue the shut /no shut commands to recover the port and configure both ends to operate at the same speed and duplex, as per Cisco bug ID CSCsb62330.
    If the problem persists, move the connected device to another port and see if the problem also happens there.
    Issue the hw-module reset command to reboot the switch or reset the line card, as a final attempt to unblock the Transmit (Tx) queue.
    Alternatively, upgrade the Cisco IOS version to the 12.2(25)EWA2 and 12.2(25)SG releases, which have the fix for this problem, as per Cisco bug ID CSCsb01311.

    Thank you for documenting this issue with details.  I had this same issue on my Cat4503-E in using VTP 2.0 with a CISCO3640.  Once I hard-set the speed/duplex of the trunk port on my Cat4503-E, as well as fa0/0 on my CISCO3640, all I had to do was reload the Cat4503-E.  The trunking and VTP both worked just fine.
    -cecastil, CCIE #1868

  • Non-Blocking Multicast Sockets in JDK 1.4?

    Hi,
    I've been trying to create non-blocking multicast sockets in JDK1.4, which essentially seems (at this stage) to boil down to the simpler problem of creating a DatagramChannel that uses MulticastSockets, or at least DatagramSockets that can join a Multicast group. Not having found any obvious way to do it, I created this extraordinary hack:
    package java.net; // Wicked, wicked!
    import java.io.*;
    public class MyDatagramSocket {
        public static void join(java.net.DatagramSocket socket, InetAddress addr)
                throws IOException {
            // Uses knowledge of DatagramSocket culled from examining source to access DatagramSocketImpl
            socket.impl.join(addr);
        }
    }
    Now I compile this, and drop the class file into my rt.jar files (in the JDK and the JRE), so that I can use MyDatagramSocket.join (DatagramSocket, InetAddress), which looks like it should work from code like this:
    try {
        int port = 58501;
        DatagramChannel dc = DatagramChannel.open();
        dc.socket().setReuseAddress(true);
        dc.socket().bind(new InetSocketAddress(port));
        MyDatagramSocket.join(dc.socket(), InetAddress.getByName("224.0.0.104"));
        byte[] array = new byte[5000];
        ByteBuffer bb = ByteBuffer.wrap(array);
        dc.receive(bb);
        System.out.println("Read from dc");
    } catch (Exception x) {
        x.printStackTrace();
    }
    But it doesn't work - it just doesn't read. A simpler example is this:
    DatagramSocket ds = new DatagramSocket(port);
    ds.setReuseAddress(true);
    MyDatagramSocket.join(ds, InetAddress.getByName("224.0.0.104"));
    DatagramPacket dp = new DatagramPacket(array, 5000);
    ds.receive(dp);          /* READS FINE */
    So I know that my hack is working, but this fails:
    DatagramChannel dc = DatagramChannel.open();
    dc.socket().bind(new InetSocketAddress(port));
    dc.socket().setReuseAddress(true);
    MyDatagramSocket.join(dc.socket(), InetAddress.getByName("224.0.0.104"));
    DatagramPacket dp = new DatagramPacket(array, 5000);
    dc.socket().receive(dp);     /* NEVER READS */
    I've reduced the problem to one of the difference between a java.net.DatagramSocket - the standard DatagramSocket, and a sun.nio.ch.DatagramSocketAdaptor, which is what DatagramChannels seem to use.
    My questions are:
    a) Is there a proper way to do this, without my adding my own classes to java.net?
    b) If NO is the answer to a), any ideas what I'm doing wrong in my code?
    Many thanks for any assistance,
    Craig

    I've encountered the same problem in my code. The datagramChannel never receives incoming data. Doesn't matter the rate at which you send it or anything else. I don't see any way around this problem at the moment. If i find something i'll post it. Interesting enough, my friend who programs with C++ got non-blocking I/O with datagrams to work in windows. So this might just be java.

  • How do you take information from one layer and switch it to another?

    I am trying to figure out how to take pictures and text that I have already placed on one layer and switch it to another layer. I have like 50 pages worth of information and I am trying to look for the easiest way to do this. In Illustrator and Photoshop, it's pretty easy. Wanting to know if it is the same because I have been trying but it is not there. Just in case it matters, I'm using CS5 on a PC. Help is greatly appreciated.

    Hi Martin,
    Please follow the below steps.
    Step 1
    Create the separate layer. Select the content you want to move.
    Step 2
    Go to check layer panel, near the pen symbol icon, the below box drag to move up to the image layer, see sample
    Step 3
    This option use spread wise content, it will complete the task with fast. If more faster, please raise as question to Scripting Forum, they can suggest the tool.

  • Dynamic VLAN assignment and Layer 3 switching on 300 series

    I have a SG300-28P switch. I just read in the Administration Guide that, when in Layer 3 mode, the switch doesn't support MAC-based VLAN or Dynamic VLAN Assignment.
    So, in order to assign a client to a VLAN based on their MAC or based on the response of a RADIUS server, we have to disable layer 3 features. Without layer 3 switching, the switch is unable to act as a default gateway and forward packets between VLANs. As a result, the VLANs can't communicate in any way, or access the internet, unless a separate router is connected to every VLAN. Right?
    I'm new to VLAN configuration and layer 3 switching so I wanted to check my understanding. Doesn't this limitation significantly reduce the usefulness of the DVA feature?
    I may well be confused and missing something regarding how this is typically used..

    Hello Glenn,
    Your concept about packet forwarding is correct. With a layer 2 switch, there must be something directing traffic with multiple subnets for intervlan communication or something that provides an IP route to give the request a path back for the request.
    The usefulness for the DVA feature, is not particularly limited to the switch as the switch will correctly assign the VLAN for you, as VS the L3 switch mode, you're dealing with IP addresses. In any scenario, you're going to require a router to get to the internet since the switch does not support NAT.
    Additionally, if your router does not support VLAN, the L3 switch feature would still be the solution since you should be able to make a static route pointing back to the switch to allow any subnet to traverse the single media. It would still beg the question, how to assign VLAN dynamically.
    The answer, although (in my opinion is terrible) would be GVRP.  But, this application would require ALL of your network cards to be GVRP Enable / Capable which most likely is not the scenario for you (or most anyone else for that matter).

  • Multiple VLANs through to layer 2 switch

    So long as each switch supports VLANing (which most manageable switches do), then yes. Some model numbers on the switches would help here though to be sure.
    Also, keep in mind that assigning VLANs is a layer 2 function, not layer 3. So long as you tag the VLANs you need to pass between the switches on the feed ports between them, you should be able to have them running without issue.
    Could you provide a little more detail as to what you're trying to accomplish so that we can better advise you how to proceed?

    Hello,
    Is it possible to send multiple vlans across a layer 3 dell powerconnect to a Meraki layer 2 switch and configure the ports to access the different vlans? 
    Is it also multiple vlans across a layer 3 dell powerconnect to a layer 2 dell powerconnect switch and configure the ports to access the different vlans? 
    I've been playing around with this and I can't seem to get it done.
    Thanks for any help in advance.
    This topic first appeared in the Spiceworks Community

  • My IPAD just stop to work. Blocked. I can not switch it on or off. Nothing happens. What can I do?

    My IPAD just stop to work. Blocked. I can not switch it on or off. Nothing happens. What can I do?

    If you mean that the screen is frozen then have you tried a reset ? Press and hold both the sleep and home buttons for about 10 to 15 seconds, after which the Apple logo should appear - you won't lose any content, it's the iPad equivalent of a reboot.

  • Layer 2 switch

    required a layer 2 switch with following requirement below
    24 or 48 ports
    ppoE supported
    Redundant power supply
    Stackable.
    Please suggest a switch model with all the above features

    However if you mean poe-
    The 3750-X meets your requirements.
    http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/data_sheet_c78-584733.html

  • Broadcast storms applicable on layer 3 switches?

    Dear all,
    Me and my colleague were wondering about the following on a Cisco 3750-X layer 3 switch.
    Let's assume we configure the 3750 without VLANs so we create several networks on the 3750. For example fa 0/1 has as network 10.10.10.0/24 with 10.10.10.1 as the default gateway. Fa 0/2 has as network 10.10.11.0/24 with 10.10.11.1 as the default gateway.
    The question is, if a broadcast storm rages on network 10.10.10.0/24, would only 10.10.10.0/24 be affected by the broadcast storm or will network 10.10.11.0/24 also be affected due to the broadcast?
    If we assume the same settings but we would utilize VLANs, then a network is definitely not being affected by a broadcast storm happening on another network, right?
    Thanks in advance for your help.
    kind regards

    Hi,
    When you configure an L3 port on your 3750
    int f0/1
    no switchport
    ip add 10.10.10.1 255.255.255.0
    no shut
    int f0/2
    no switchport
    ip add 10.10.11.1 255.255.255.0
    no shut
    The key is NO SWITCHPORT
    This takes the port out of L2 configuration therefore
    it does not belong to any VLAN and does not operate like an L2 port
    with regards to broadcast etc.
    Have a look at this link from a 3750 config guide
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_55_se/configuration/guide/scg3750/swint.html#wpmkr2208885
    Hope this helps
    Regards
    Alex
